Guest User!

You are not Sophos Staff.

talex

Important Notes

The initial UTM 9.703 release was pulled back and replaced with a new build (9.703-3), where the code change for "NUTM-11173 [Basesystem] IPsec doesn't re-connect on DHCP interface after firmware upgrade" is reverted. More information and RCA can be found in the KBA at: https://community.sophos.com/kb/en-us/135383.

The new version of UTM 9.703 is available at our download server.

There are two update packages available:

  • One for customers, who are still on UTM 9.702 (u2d-sys-9.702001-703003.tgz.gpg) and
  • One for customers, who have already updated to 9.703-2 (u2d-sys-9.703002-703003.tgz.gpg).

Both update will be available via our Up2Date server later.

 

Up2Date Information

News

  • Maintenance Release
  • Add Support for new SD-RED 20 and SD-RED 60 devices

Remarks

  • System will be rebooted
  • Configuration will be upgraded
  • Connected REDs will perform firmware upgrade
  • Connected Wifi APs will perform firmware upgrade

Issues Resolved

  • NUTM-9381 [Access & Identity] WebAdmin user getting an error while browsing 'Sophos Transparent Authentication Status' tab
  • NUTM-11258 [Access & Identity] [SAA] Wrong version of SAA displayed in Windows with MSI installer
  • NUTM-11578 [Access & Identity] Patch strongSwan (CVE-2019-10155)
  • NUTM-11589 [Access & Identity] [SAA] Add TLS 1.2 support for Windows client
  • NUTM-11590 [Access & Identity] [SAA] Add TLS 1.2 support for macOS client
  • NUTM-11675 [Access & Identity] Patch PPTP and L2TP pppd (CVE-2020-8597)
  • NUTM-11109 [Basesystem] Status lights blinking green constantly on SG 1xx and XG 1xx series
  • NUTM-11255 [Basesystem] Fix "Internet IPv6" binding in case of multiple IPv6 uplinks
  • NUTM-11417 [Basesystem] SG115rev3 HA eth3 interface flapping after update to 9.7
  • NUTM-11645 [Basesystem] Patch libxml2 (CVE-2019-19956, CVE-2020-7595)
  • NUTM-11561 [Configuration Management] Unable to load certificate list in WebAdmin when large number of certificates present
  • NUTM-10803 [Email] S/MIME signed mails have an invalid signature if 3rd party CA is used
  • NUTM-11240 [Email] Recipient verification fails due to incomplete LDAP search query
  • NUTM-11662 [Email] Bad request for release mails out of the quarantine report after update to 9.7 MR1
  • NUTM-11485 [Kernel] Patch Linux Kernel (CVE-2019-18198)
  • NUTM-11288 [Localization] AWS Current Stack link is incorrect
  • NUTM-11081 [Network] Up-link balancing not clearing conntracks when interface goes down
  • NUTM-11218 [Network] ulogd restarting/core-dumps
  • NUTM-11614 [Network] Increase GARP buffer
  • NUTM-11676 [Network] Patch pppd (CVE-2020-8597)
  • NUTM-11573 [RED] RED interface doesn't obtain IP after UTM reboot
  • NUTM-11467 [RED_Firmware] RED15w WPA/WPA2 enterprise cannot connect
  • NUTM-11822 [RED_Firmware] RED15 firmware update might fail if flash has bad blocks
  • NUTM-11378 [Reporting] Top5 Malware won't be displayed in Executive Reports if those are sent as PDF
  • NUTM-11220 [Sandstorm] When opening Sandstorm activity which contains Korean characters for example, you get this error "cannot decode string with wide characters at encode.pm line 174"
  • NUTM-10202 [UI Framework] [SAA] Live user table doesn't scale with very long names
  • NUTM-11084 [UI Framework] Webadmin Information popup not visible
  • NUTM-11191 [UI Framework] Can't download certificate in WebAdmin when name contains apostrophe
  • NUTM-11584 [UI Framework] Replace FTP Up2date download link in WebAdmin with HTTPs
  • NUTM-11598 [UI Framework] Internal Server Error alert thrown with initial Webadmin request after installation
  • NUTM-11725 [UI Framework] Update prototype
  • NUTM-11130 [Web] Add configuration for savi_scan_timeout
  • NUTM-11346 [Web] Warn page proceed fails due to missing parameters
  • NUTM-10269 [Wireless] SSID stops broadcasting
  • NUTM-11581 [Wireless] User with "Wireless Protection Manager" rights is unable to change wireless settings if mesh is configured
Related
Recommended

  • Seems there is something seriously broken in 9.703.

    I have to go down to MTU=1320 at several sites since we updated to that version there to reach resources outside the LAN.

    This happens with SG210, SG230, SG135w, SG115w, SG105 and a software appliance as well.

    Since the rest of the equipment in the networks didn't  change, I suspect something is wrong with MSS and / or MTU handling.

    I think it is time to publish either an emergeny patch or withdraw 9.703!

  • I installed it on two SG 125s today and have not seen any problems yet.

  • Have installed 1 x SG210 and 1xUTM 220 both running ASG Software version, had no issues, been running for 12 hours, just to participate in this. Both from the looks beneath, I should have been carefull and not "lucky" ;)

  • 10 April 2020

            DO NOT INSTALL 9.703!!!                       DO NOT INSTALL 9.703!!!                       DO NOT INSTALL 9.703!!!                       DO NOT INSTALL 9.703!!!

    I recommend that this version be withdrawn.  See my post: community.sophos.com/.../434475

    Cheers - Bob

  • Updated my software firewall updated from 9.701 --> 9.703 just fine this morning, about 5 hours ago. Reboot took a bit longer than expected but I can't say for sure. Everything seems to be running just fine though.

    One observation however is that 'Management->Licensing->Active IP Addresses' currently shows 0 in use. I'm not sure if thats due to less than 24 hours since reboot or ???? but as I've actually been pushing the limit, I'm not complaining. More than likely however it's tracking just fine and the error is that it's not reporting it. Afraid I may breach and not know it.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?